Connect with us

News

NCC-CSIRT identifies two cyber attacks via Facebook, charging phones

Published

on

Nasiru Yusuf

The Nigerian Communications Commission’s Cyber Security Incident Response Team (NCC-CSIRT) has independently identified two cyber vulnerabilities and advised Nigerian telecom consumers on the measures to be taken to get protected from the cyber-attacks.

KANO FOCUS reports that the CSIRT, in its first-ever security advisories less than three months after its creation, has solely identified the two cyber-attacks targeting the consumers and proffer solutions that can help telecom consumers from falling victims to the two cyber vulnerabilities.

This is contained in a statement sent to KANO FOCUS by Director, Public Affairs Dr. Ikechukwu Adinde on Friday.

The statement said the first is described as Juice Jacking, which can gain access into consumers’ devices when charging mobile phones at public charging stations and it applies to all mobile phones.

The other is a Facebook for Android Friend Acceptance Vulnerability, which targets only Android Operating System.

According to CSIRT security Advisory 0001 released on January 26, 2022, with Juice Jacking, attackers have found a new way to gain unauthorized entry into unsuspecting mobile phone users devices when they charge their mobile phones at public charging stations.

Many public spaces, restaurants, malls and even in the public trains do offer complementary services to their customers in a bid to enhance customer services, one of which is providing charging ports or sockets.

However, an attacker can leverage this courtesy to load a payload in the charging station or on the cables they would leave plugged in at the stations.

“Once unsuspecting persons plug their phones at the charging station or the cable left by the attacker, the payload is automatically downloaded on the victims’ phone.

“This payload then gives the attacker remote access to the mobile phone, allowing them to monitor data transmitted as text, or audio using the microphone. The attacker can even watch the victim in real time if the victims’ camera is not covered. The attacker is also given full access to the gallery and also to the phone’s Global Positioning System (GPS) location.

“When an attacker gains access to a user’s Mobile phone, he gets remote access to the User’s phone which leads to breach in Confidentiality, Violation of Data Integrity and bypass of Authentication Mechanisms. Symptoms of attack may include sudden spike in battery consumption, device operating slower than usual, apps taking a long time to load, and when they load they crash frequently and cause abnormal data usage,” the statement said.

It added that the NCC-CSIRT, however, proffered solutions to this attack to include using ‘charging only USB cable’, to avoid Universal Serial Bus (USB) data connection; using one’s AC charging adaptor in public space; and not granting trust to portable devices prompt for USB data connection.

Other preventive measures against Juice Jacking, according to the statement include installing Antivirus and updating them to the latest definitions always; keeping mobile devices up to date with the latest patches; using one’s own power bank; keeping mobile phone off when charging in public places; as well as ensuring use of one’s own charger, if one must charge in public.

On the other hand, the NCC-CSIRT Advisory 0001 of January 27, 2022, warns that Facebook for Android is vulnerable to a permission issue which gives privilege to anyone with physical access to the android device to accept friend requests without unlocking the phone. The products affected include Versions 329.0.0.29.120 of Android OS.

With this, the attacker will be able to add the victim as a friend and collect personal information of the victim, such as Email, Date of Birth, Check-ins, Mobile phone number, Address, Pictures and other information that the victim may have shared, which would only be visible to his/her friends.

However, to be protected from the Facebook-associated vulnerability, NCC-CSIRT in the security advisory recommends to users to disable the feature from their device’s lock screen notification settings.

The NCC-CSIRT was inaugurated in October, 2021 to provide guidance and direction for the constituents in dealing with issues relating to the security of critical infrastructure in their possession, and periodically assess, review and collate the threat landscape, risks, and opportunities affecting the communications sector, in order to provide advice to relevant stakeholders in those regards.

As the telecoms-industry specific intervention, the objective of which aligns with the objective of the National Cybersecurity Policy and Strategy (NCPS) document published by the Office of the National Security Adviser (ONSA), the NCC-CSIRT ensures continuous improvement of processes and communication frameworks to guarantee secure and collaborative exchange of timely information while responding to cyber threats within the sector.

In recent times, NCC-CSIRT has raised series of cyber-vulnerability awareness based on security advisories it receives from the Nigerian Cybersecurity Emergency Response Team (ngCERT), which is the national body for the implementation of the NCPS objective. However, Juice Jacking and Facebook for Android Friend Acceptance Vulnerabilities are the two first-ever cyber vulnerabilities published by the NCC-CSIRT.

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Headlines

CHAN Qualifiers: Eguavoen invites Rabiu Ali, 2 other Pillars players for Ghana clash

Published

on

 

Nasiru Yusuf Ibrahim

 

 

Home-based Super Eagles coach, Augustine Eguavoen has invited Kano Pillars legendary midfielder, Rabiu Ali, and 29 players for the African Nations Championship (CHAN) qualifiers against Ghana.

 

KANO FOCUS reports that the 8th edition of the continental championship – reserved exclusively for footballers plying their trade with clubs in their country’s domestic Leagues with standard contracts – is scheduled to take place in February 2025 in Kenya, Uganda and Tanzania.

 

Kano Pillars’ evergreen midfielder, Rabiu Ali, who has scored eight goals this season, is among the players called.

 

The 44-year-old Ali has been a key player for Kano Pillars this season alongside Super Eagles captain, Ahmed Musa.

 

Other Kano Pillars players invited are Aminu Adam Sani and Nelson Abiam.

 

All the invited players will arrive at the Remo Stars Sports Institute, Ikenne-Remo, Ogun State on Wednesday, 4th December 2024, where the team will train ahead of the first leg of the qualification fixture against Ghana’s Black Stars B, billed for the Accra Sports Stadium on Sunday, 22nd December.

 

The second leg will take place at the Godswill Akpabio Stadium, Uyo on Saturday, 28th December.

 

Continue Reading

News

KanSLAM gets new government co-chair, Isa Haladu

Published

on

Nasiru Yusuf Ibrahim

 

Isa Haladu, the director, Planning, Research and Statistics Office of the Kano State Ministry of Health, has emerged as the co-chairperson, representing the government in the Kano State Accountability Mechanism (KanSLAM).

KANO FOCUS reports In a letter signed by Pharm Maimuna Yakubu, the Co-chair (CSOs) to Haladu, “the DPRS is recognized as the automatic Co-chairperson of KanSLAM.

“As a key player in this process, the DPRS’ office co-chairmanship will play an instrumental role in ensuring success of this partnership,” she said.

While officially presenting the letter to Haladu on Saturday at a KanSLAM review meeting at Joclarif Hotel in Zaria, Safiyanu Bichi a member of KanSLAM stated that Haladu’s emergence as the govt. co-chair will bring more development and opportunities for the SLAM.

In his remarks, the newly appointed government co-chairperson expressed his delight for being part of KanSLAM.

He stated that immediately he received the notification letter via email, he shared it with the Kano Commissioner of Health Dr Labaran Yusuf.

“I fully accept this responsibility and I am optimistic that this will facilitate in continuing the good work that KanSLAM has done in the past,” he said.

Haladu recalled how the SLAM transformed from Accountability Mechanism for Maternal and Child Healthcare in Kano State (AMMKaS) to KanSLAM, stressing that the SLAM is now enlarged and much more effective.

He added: “KanSLAM has contributed in the establishment of Private Health Institutions Management Agency (PHIMA), Kano State Contributory Healthcare Management Agency (KSCHMA), and Kano State Health Trust Fund (KHETFUND) and I believe more achievements are on the way.”

 

KanSLAM is a coalition of Civil Society Organisations, Civil Servants and Journalists advocating for improved service delivery in human capital development sectors.

 

Continue Reading

News

NCC Boss, Dr Maida Joins IIC Board of Directors

Published

on

 

 Nasiru Yusuf Ibrahim

 

 

The Executive Vice Chairman of Nigeria Communication Commission (NCC), Dr. Aminu Maida has joined the Board of Directors of TMT advocacy body of the International Institute of Communications(IIC).

 

KANO FOCUS reports that currently serving as the EVC/CEO at NCC, Dr Maida plays a pivotal role in shaping Nigeria’s telecommunications landscape. Under his leadership, the NCC continues to advance connectivity, foster innovation, and promote a competitive and inclusive telecommunications industry.

 

Dr Maida’s career includes significant contributions to leading global organizations such as British Telecom, Cisco Systems, and EE Ltd. He was also a pioneering engineering team member at UbiquiSys Ltd, a groundbreaking small-cell technology startup acquired by Cisco Systems in 2013.

 

Prior to his current role, Dr Maida was the Executive Director of Technology and Operations at the Nigeria Inter-Bank Settlement Systems PLC (NIBSS). There, he spearheaded the modernization of Nigeria’s central digital payments infrastructure, reinforcing its role as a critical enabler of the country’s financial ecosystem.

 

Dr Maida holds a Ph.D. in Electrical and Electronic Engineering from the University of Bath, an MEng in Information Systems Engineering from Imperial College London, and a Postgraduate Diploma in Entrepreneurship from the Cambridge Judge Business School.

Continue Reading

Trending